Worldcoin’s biometric gamble is a privacy time bomb

Opinion by Ankur Rakhi Sinha, co-founder and CEO of Airchains.

As a mining engineer who once mined Ether in my spare time, I’ve seen my fair share of crypto projects that promised the moon but delivered nothing but headaches. The latest fiasco, Worldcoin, is a stark reminder of why we can’t build a plane while flying it. 

Worldcoin’s approach to user data protection was as secure as Swiss cheese. They asked users for iris and face scans in exchange for digital IDs and tokens, only to get slapped with fines and lawsuits worldwide. It’s like offering candy to kids without checking if it’s been laced with laxatives!

Their use of ZKsync and black box nodes was a recipe for disaster. It’s like building a fortress with cardboard walls and expecting it to withstand a siege. 

We need better, we need stronger. We need privacy stacks that are as bulletproof as the armor I used to wear in my mining days. Combining ZK-proofs and FHE can help us build genuinely private and secure identity onchain. It’s time for a new terminology: let’s call it “Privacy Armor”. 

Remember, when it comes to user data, we’re not just building castles in the sky; we’re building fortresses that protect our digital identities. So, let’s make sure they can withstand any siege, whether it’s from hackers or overzealous regulators!

Ankur Rakhi Sinha is co-founder and CEO of Airchains, a modular and multichain privacy network that powers verifiable and confidential computation based on ZK and FHE. Before founding Airchains, he worked with Matic and Polygon Edge as an engineer designing institutional use cases in India through his consulting firm, Retcons Technology. Sinha was previously a radio host who studied mining engineering at the Government Engineering College, Jagdalar while mining Ether in his spare time. This article is for general information purposes and is not intended to be and should not be taken as legal or investment advice.



Worldcoin, established in 2019 by Sam Altman of OpenAI renown, has run into consistent trouble globally, including fines and legal battles. The common accusation against the project, known as “World” since October 2024, is that it failed to safeguard user data effectively. The company offers users a digital ID and free tokens in return for verifying their humanity through iris and facial recognition scans. However, numerous governments have halted its operations over breaches of privacy regulations within their jurisdictions.

The laws and rules designed to safeguard user information are typically implemented following a data breach, instead of beforehand. For blockchain technology to be widely accepted in practical applications, privacy is crucial. The lesson from Worldcoin is that trying to construct something complex like a plane mid-flight is not feasible.

Back in 2024, Worldcoin was one of those wild crypto concepts that saw a resurgence due to significant investments fueled by influence and hype. However, as a seasoned crypto investor, I believe we shouldn’t solely rely on such unproven ideas. Instead, let’s seize the opportunity to develop robust, scalable data-recording systems right now – ones that steer clear of the privacy issues Worldcoin encountered. This way, we can ensure a smoother and more secure journey for all crypto enthusiasts moving forward.

Let’s rally the cryptocurrency community! Continue aiming high with innovative projects, but also adopt the latest encryption technologies to ensure the security of our creations, particularly our biometric information. Privacy is essential for everyone, so let’s build that trust together.


The trouble with Worldcoin

The trouble with Worldcoin starts with its black box nodes. World Chain was built as a permissioned layer-2 blockchain on top of Ethereum, which means not just anyone can run a node on the network. Only World Chain insiders controlled the network. Only members of the Worldcoin node club can verify what’s happening on its blockchain, leaving it highly vulnerable to attacks and exploits from outside hackers.

As an analyst, I’ve come to realize that the greater the transparency of an application’s processes, the higher the probability of identifying potential vulnerabilities within its system. Consequently, it’s crucial that biometric data is not confined to black boxes without stringent safeguards and robust security measures in place.

As a crypto investor, I’ve noticed that even public blockchains can encounter issues when they are controlled inefficiently by private entities, creating isolated environments often referred to as “walled gardens.” Initially, the intention behind blockchain technology was for it to provide secure data storage, management, and transfer while maintaining transparency and trust. However, this trust seems to have been eroded due to the storage of sensitive biometric data within these walled gardens, away from public scrutiny. This approach directly contradicts the very essence of decentralization.

ZK, the great new hope?

Worldcoin operates on ZKsync, a service that offers zero-knowledge proofs. This technology verifies the accuracy of data without disclosing its content, making it a promising solution for safeguarding the privacy of biometric information. While ZK is frequently touted as a potential cure for all privacy issues, it does not address concerns related to data storage.

Regardless of Worldcoin’s claim that they will erase excess data after training their models, as stated in an updated blog post, the Worldcoin data breach incident implies that Zero-Knowledge proofs were not implemented within a secure, enclosed system.

Building genuinely private and secure identity onchain 

Following Worldcoin, other organizations focused on securing biometric data have appeared. Fractal ID established a Decentralized Identity system that can work with various platforms to help external parties with customer verification processes (KYC). However, in July 2024, Fractal experienced a major breach when a ransomware group obtained the personal information of approximately 300,000 users, including photos, bank statements, proof of addresses, and Bitcoin and Ether wallet addresses.

Even this credible attempt at onchain identity highlights the need for further protection of user data, especially biometric data. That additional protection can be found by using different kinds of encryption and not relying solely on ZK-proofs. 

After Worldcoin, ZK is only part of the solution

Ensuring encryption is properly used and verified is essential for safeguarding users’ biometric information in digital identification systems. Zero-Knowledge Proofs are beneficial for verifying computations, but there’s a catch: the prover needs access to private data to create the proof. This poses an issue with Worldcoin because you have to trust Altman and his team not to misuse your confidential information.

By integrating Zero-Knowledge Proofs and advanced encryption methods like Fully Homomorphic Encryption (FHE), digital biometric ID service providers can securely store sensitive information while ensuring complete privacy. This combination, known as ZK-FHE, allows for the verification of computations without requiring access to your confidential data.

Using Fully Homomorphic Encryption (FHE), we can eliminate the formation of centralized weak points, frequently exploited by hackers. This encryption method bolsters confidence in biometric systems by keeping user information safe and secure, even during authentication or verification procedures.

As an analyst, I can express this in a simplified manner: Zero-Knowledge (ZK) proof ensures something is true while keeping details hidden, and Fully Homomorphic Encryption (FHE) enables calculations on encrypted data without decrypting it, ensuring safety. Combining these two technologies, ZK-FHE, can prevent future privacy issues like the Worldcoin debacle and propel our industry towards more realistic, secure advancements.
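The "calculations on encrypted data" idea above, as an added example that is not from the article or from any project it names. It uses textbook Paillier, which is only additively homomorphic, as a simplified stand-in for FHE, and it assumes biometric templates are bit strings compared by Hamming distance; all names, the demo key and the sample bits are constructed for illustration.

```python
import secrets
from math import gcd

# Demo key built from two Mersenne primes. Far too small for real use
# (constructed for this example); real systems use >=2048-bit moduli.
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q
N2 = N * N
PHI = (P - 1) * (Q - 1)   # private key
MU = pow(PHI, -1, N)      # private helper, valid for generator g = N + 1

def encrypt(m):
    """Paillier encryption of integer m with generator g = N + 1."""
    r = 0
    while gcd(r, N) != 1:
        r = secrets.randbelow(N - 1) + 1
    return (1 + m * N) % N2 * pow(r, N, N2) % N2

def decrypt(c):
    """Needs the private key, so only the user side can run this."""
    return (pow(c, PHI, N2) - 1) // N * MU % N

def encrypted_hamming(enc_template, probe):
    """Server side: returns Enc(Hamming distance) without the private key.

    t XOR p is t when p == 0 and 1 - t when p == 1. Both are linear in t,
    so additive homomorphism suffices because the probe is in the clear.
    """
    acc = encrypt(0)
    for c, p in zip(enc_template, probe):
        term = c if p == 0 else (1 + N) * pow(c, -1, N2) % N2  # Enc(1 - t)
        acc = acc * term % N2  # multiplying ciphertexts adds plaintexts
    return acc

# Constructed 16-bit sample template and probe (not real biometric data).
TEMPLATE = [1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 1, 0, 0, 1, 0, 1]
PROBE = [1, 0, 1, 0, 0, 0, 1, 0, 1, 1, 0, 0, 0, 1, 0, 1]

def demo():
    """Enrol on the user side, score on the server, decrypt on the user side."""
    enc_template = [encrypt(b) for b in TEMPLATE]
    enc_distance = encrypted_hamming(enc_template, PROBE)
    return decrypt(enc_distance)

if __name__ == "__main__":
    print("Hamming distance:", demo())
```

The server never sees the enrolled template in the clear, but this sketch still exposes the probe to it; comparing two encrypted templates needs multiplication on ciphertexts, which is where a fully homomorphic scheme comes in.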

We need a new terminology for privacy stacks

As a cryptocurrency investor, I firmly believe that transparency and trust go hand in hand. It’s not about consumer products assuring privacy through empty promises; instead, it’s about fostering confidence by being open about the workings beneath the surface. That’s what I call investing in privacy with confidence.

Using ZK-FHE in a stacked configuration is crucial for handling and validating biometric data because it keeps confidential information such as fingerprints or facial scans secure throughout its entire lifecycle, without the need for decryption at any point.

In the year 2024, practical applications of ZK-FHE, the combination of zero-knowledge proofs and fully homomorphic encryption, were already in use. Notably, local Indian government land registries and various non-governmental organizations (NGOs) had employed it for record-keeping purposes. This blend of ZK-proofs and FHE could potentially revolutionize the scalable management of blockchain records.

As a crypto enthusiast, I recognize the potential advantages of on-chain biometric IDs across various applications. However, I firmly believe that we can—and should—strive for more. For us to truly safeguard our privacy, it’s essential to incorporate multiple layers of protection. Failure to do so will inevitably leave room for hackers to exploit potential weaknesses.

Ankur Rakhi Sinha serves as both co-founder and CEO of Airchains, a flexible and cross-chain privacy network that facilitates secure and confidential computations using Zero Knowledge (ZK) and Fully Homomorphic Encryption (FHE). Prior to launching Airchains, he was an engineer at Matic and Polygon Edge, developing institutional applications in India through his consulting firm, Retcons Technology. Previously, Sinha was a radio host who earned a degree in mining engineering from the Government Engineering College in Jagdalar, all while mining Ether during his free time.

This piece is designed to provide a broad understanding rather than serve as legal or financial guidance. Please remember that the perspectives, ideas, and viewpoints shared here are solely those of the author and may not align with or be endorsed by CryptoMoon.


2024-11-21 10:14